http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11307
Martin Renvoize <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #23169|0                           |1
        is obsolete|                            |
  Attachment #23170|0                           |1
        is obsolete|                            |

--- Comment #6 from Martin Renvoize <[email protected]> ---
Created attachment 23175
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23175&action=edit
[PASSED QA] Bug 11307 : Potential XSS attack in rss feed

To test:
1/ Craft a URL like
   /cgi-bin/koha/opac-search.pl?q=a&count=50"'<h1>test</h1>&sort_by=acqdate_dsc&format=rss2
2/ Look at the source, notice
   <opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage>
3/ Apply the patch, and reload the URL
4/ Source now contains
   <opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage>

Signed-off-by: Mark Tompsett <[email protected]>
Signed-off-by: Martin Renvoize <[email protected]>
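The test plan above reproduces the bug by feeding markup through the numeric `count` parameter and watching it land verbatim inside `<opensearch:itemsPerPage>`. The following Python snippet is an added illustration, not Koha's own (Perl/Template Toolkit) code: it renders the element the unpatched way and the escaped way, adds the stricter option of only accepting a bounded integer for a numeric field, and includes a check a reviewer or test can run over the generated feed to spot smuggled child elements. The function names and the bound of 100 are assumptions.

```python
"""Vulnerable vs. hardened rendering of the OpenSearch itemsPerPage element."""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

OPENSEARCH_NS = "http://a9.com/-/spec/opensearch/1.1/"

# Constructed input: the count value from the test plan's crafted URL.
TAINTED_COUNT = '50"\'<h1>test</h1>'


def items_per_page_vulnerable(count):
    """Unpatched behaviour: the raw query parameter lands in the feed verbatim."""
    return "<opensearch:itemsPerPage>%s</opensearch:itemsPerPage>" % count


def items_per_page_escaped(count):
    """Minimal fix: XML-escape the value so '<', '>' and quotes become entities."""
    safe = escape(str(count), {'"': "&quot;", "'": "&#39;"})
    return "<opensearch:itemsPerPage>%s</opensearch:itemsPerPage>" % safe


def sanitize_count(raw, default=20, maximum=100):
    """Stronger fix: the field is numeric, so accept only a bounded positive integer
    and fall back to a default for anything else (the bound is an assumed value)."""
    if isinstance(raw, str) and raw.isdigit() and 0 < int(raw) <= maximum:
        return int(raw)
    return default


def wrap_feed(fragment):
    """Wraps one fragment in a minimal RSS document with the namespace declared."""
    return ('<rss version="2.0" xmlns:opensearch="%s"><channel>%s</channel></rss>'
            % (OPENSEARCH_NS, fragment))


def inspect_feed(feed_xml):
    """Detection check for the generated feed: returns the element's text and the
    tag names of any child elements smuggled inside itemsPerPage (should be none)."""
    root = ET.fromstring(feed_xml)
    elem = root.find(".//{%s}itemsPerPage" % OPENSEARCH_NS)
    return elem.text, [child.tag for child in elem]


if __name__ == "__main__":
    # Both outputs parse as XML, which is why well-formedness alone is not a test;
    # the vulnerable one carries an <h1> child, the escaped one only text.
    print(inspect_feed(wrap_feed(items_per_page_vulnerable(TAINTED_COUNT))))
    print(inspect_feed(wrap_feed(items_per_page_escaped(TAINTED_COUNT))))
    print(sanitize_count(TAINTED_COUNT), sanitize_count("50"))
```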
